Deserialization fails on ConcurrentHashMap in Spring User object

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Try to serialize a spring User object that contains a TreeSet
2.
3.

What is the expected output? What do you see instead?
Correct serialization. Stack Trace
WARNING: Could not load session with id C85C5CD2388F9929DC99908ED6013146-n1 
from memcached.
com.esotericsoftware.kryo.SerializationException: Unable to deserialize object 
of type: java.util.concurrent.ConcurrentHashMap
    at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:593)
    at com.esotericsoftware.kryo.ObjectBuffer.readObject(ObjectBuffer.java:213)
    at de.javakaffee.web.msm.serializer.kryo.KryoTranscoder.deserializeAttributes(KryoTranscoder.java:256)
    at de.javakaffee.web.msm.TranscoderService.deserializeAttributes(TranscoderService.java:159)
    at de.javakaffee.web.msm.TranscoderService.deserialize(TranscoderService.java:116)
    at de.javakaffee.web.msm.MemcachedSessionService.loadFromMemcached(MemcachedSessionService.java:1027)
    at de.javakaffee.web.msm.MemcachedSessionService.findSession(MemcachedSessionService.java:578)
    at de.javakaffee.web.msm.MemcachedBackupSessionManager.findSession(MemcachedBackupSessionManager.java:196)
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2841)
    at org.apache.catalina.connector.Request.getSession(Request.java:2307)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:897)
    at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)
    at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.createNewSessionIfAllowed(HttpSessionSecurityContextRepository.java:339)
    at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.saveContext(HttpSessionSecurityContextRepository.java:280)
    at org.springframework.security.web.context.HttpSessionSecurityContextRepository.saveContext(HttpSessionSecurityContextRepository.java:104)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at com.redbox.digital.proxy.security.WSFedRememberMeAuthenticationFilter.doFilter(WSFedRememberMeAuthenticationFilter.java:104)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at com.redbox.digital.proxy.security.WSFedRequestParamPreAuthenticationFilter.doFilter(WSFedRequestParamPreAuthenticationFilter.java:195)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at de.javakaffee.web.msm.SessionTrackerValve.invoke(SessionTrackerValve.java:126)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)
Caused by: com.esotericsoftware.kryo.SerializationException: Unable to 
deserialize object of type: 
org.springframework.security.core.context.SecurityContextImpl
    at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:571)
    at com.esotericsoftware.kryo.serialize.MapSerializer.readObjectData(MapSerializer.java:129)
    at com.esotericsoftware.kryo.Serializer.readObject(Serializer.java:61)
    at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:589)
    ... 52 more
Caused by: com.esotericsoftware.kryo.SerializationException: Serialization 
trace:
authorities (org.springframework.security.core.userdetails.User)
principal 
(org.springframework.security.authentication.UsernamePasswordAuthenticationToken
)
authentication (org.springframework.security.core.context.SecurityContextImpl)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:238)
    at com.esotericsoftware.kryo.serialize.ReferenceFieldSerializer.readObjectData(ReferenceFieldSerializer.java:81)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:220)
    at com.esotericsoftware.kryo.serialize.ReferenceFieldSerializer.readObjectData(ReferenceFieldSerializer.java:81)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:220)
    at com.esotericsoftware.kryo.serialize.ReferenceFieldSerializer.readObjectData(ReferenceFieldSerializer.java:81)
    at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:566)
    ... 55 more
Caused by: java.lang.ClassCastException: 
org.springframework.security.core.authority.SimpleGrantedAuthority cannot be 
cast to java.lang.Comparable
    at java.util.TreeMap.compare(TreeMap.java:1188)
    at java.util.TreeMap.put(TreeMap.java:531)
    at java.util.TreeSet.add(TreeSet.java:255)
    at com.esotericsoftware.kryo.serialize.CollectionSerializer.readObjectData(CollectionSerializer.java:113)
    at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:566)
    at de.javakaffee.kryoserializers.UnmodifiableCollectionsSerializer.readObjectData(UnmodifiableCollectionsSerializer.java:84)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:220)
    ... 61 more

What version of the Kryo are you using?
1.6.1

Please provide any additional information below.

Original issue reported on code.google.com by monster...@gmail.com on 20 Jun 2012 at 6:41

[GoogleCodeExporter]

Kyro 1.04 is the version. 1.6.1 is msm-kyro-serializer.

Original comment by monster...@gmail.com on 20 Jun 2012 at 6:43

[GoogleCodeExporter]

This issue was closed by revision r313.

Original comment by nathan.s...@gmail.com on 21 Jun 2012 at 2:01

• Changed state: Fixed

[GoogleCodeExporter]

It looks like SimpleGrantedAuthority is trying to be put in the TreeMap, but 
does not implement Comparable, so it explodes. Probably the TreeMap has a 
Comparator and was serialized using MapSerializer, which serialized the keys 
and values but not the Comparator. You'll need to extend MapSerializer and use 
treeMap.comparator() to serialize the comparator, then the keys and values. On 
deserialization you would read the comparator, then create a TreeMap with it, 
then read the values. An implementation has been checked in for Kryo v2. You 
can write one for v1 if necessary.

Original comment by nathan.s...@gmail.com on 21 Jun 2012 at 2:01

[GoogleCodeExporter]

It actually has an inner class for the implementation.

In the end, I just overrode the object in my local project and removed the
TreeMap used to sort GrantedAuthority objects. I probably need to file
something on Spring to make their User object more serialization friendly
and extensible.

Original comment by monster...@gmail.com on 21 Jun 2012 at 1:46

[GoogleCodeExporter]

Could you please share in which version of Kryo this is fixed. 

We were using msm 1.6.5 with kryo-1.04.jar on OpenJdk 6 AWS EC2 instance. This 
was working fine, we started seeing this issue when we upgraded to Java 7 (No 
other changes in environment) 

We tested using msm 1.8.1 with Kryo 2.2.2 Issue exists. 

Spring Version : 3.1.2.RELEASE

Original comment by tito...@gmail.com on 20 Feb 2014 at 6:01

Attachments:

• Exception.txt

[GoogleCodeExporter]

I am facing this exception too. Could anyone give directions on how to fix it? 
Tried the latest version of msm (1.8.3) and kryo (2.24)

Original comment by amruthke...@gmail.com on 7 Dec 2014 at 1:08